12/15/2004 17:59 FAX 216 696 8731 

09/772,231 _____ 



AMIN, & TUROCY LLP. 



@004 



MS 1 5574 LO 1 /MSFTP 1 86US 



Amendments to the Claims 
This listing of claims will replace all prior versions of claims in the application: 
Listing of Claims: 

1. (Currently Amended) A system to facilitate substantially secure communication of data 
from a user-level process, comprising: 

at least a first queue associated with the process, such that the process is operative to 
directly communicate a message relative to the first queue; and 

a first communication context operative to communicate the message between the first 
queue and a second communication context; 

wherein communication between the first queue and the first communications context is 
controlled based on whether an appropriate association exists between the first queue and the 
first communications context, the association between the first queue and the first 
communications context being provided through a privileged operation not adjustable by the first 
user-level p rocess. 

2. (Original) The system of claim 1, wherein the first queue and the first communication 
context reside at a first node that is different from that of the second communication context. 

3. (Original) The system of claim 2, further comprising an interface at the first node 
operative to validate messages communicated from the first queue to the first communication 
context. 

4. (Original) The system of claim 3, wherein the interface is operative to prevent messages 
from being communicated from the first queue to the first communication context if an 
association mismatch exists between the first queue and the first communication context. 

5. (Original) The system of claim 2, wherein the appropriate association between the first 
queue and the first communication context requires membership to a common domain. 
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6. (Original) The system of claim 5 3 further comprising a second queue associated with a 
second process at the first node, such that the second process is operative to directly 
communicate a message to the second queue. 

7. (Original) The system of claim 6, wherein the second queue is associated with the 
common domain through a privileged operation, such that the first and second queues can share 
the first communication context to communicate messages through a channel defined by the first 
communication context and the second communication context, each of the first and second 
queues being operative to communicate messages with at least one process at a node where the 
second communication context resides. 

8. (Original) The system of claim 7, wherein the first process further comprises a process 1 
operating in a user mode and the second process comprises a process operating in a user mode. 

9. (Original) The system of claim 6, further including a third communication context 
associated with the second queue through a privileged operation at the first node, the third 
communication context enabling communication between the third communication context and a 
fourth communication context that resides a node different from the first node. 

1 0. (Original) The system of claim 9, wherein the common domain is a first domain, the 
association between the second queue and the third communication context corresponding to a 
second domain that is different from the first domain, wherein each communication channel 
established in the second domain is isolated from each channel established in the first domain. 

1 1 . (Original) The system of claim 1 , wherein the first queue and the first communication 
context reside at a first node that is different from a second node at which the second 
communication context resides, the system further comprising a third communication context at 
the first node to enable communication of messages between the third communication context 
and a fourth communication context that resides at a third node that is different from the first 
node. 
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12. (Original) The system of claim 11, wherein the first queue is associated with the third 
communication context through a privileged operation, such that the first process is operative to 
communicate the message over a communication channel established between the third 
communication context and a fourth communication context that resides at the third node, which 
is different from the second node. 

1 3 . (Original) The system of claim 1 1 , wherein the first queue and the first communication 
context are associated so as to be part of a first domain, the system further comprising a second 
queue is associated with a second process, the second queue being associated with a third 
communication context so as to be part of second domain that is isolated relative to the first 
domain. 

14. (Original) A system to facilitate communication of data, comprising: 

a virtual hardware component at a first node operable to communicate a message 
received directly from an associated process; and 

a first channel endpoint established at the first node, the first channel endpoint being 
operative to communicate messages to a second channel endpoint residing at a second node; 

wherein each of the virtual component and the first channel endpoint is associated with a 
respective domain through a privileged operation at the first node > communication of messages 
between the virtual component and the first channel endpoint being controlled based on 
validation of the respective domains for the virtual component and the first channel endpoint. 

15. (Original) The system of claim 14, wherein hardware at the first node is operative to 
prevent messages from being sent between the virtual component and the first channel endpoint 
in response to detecting an invalid association between the virtual component and the first 
channel endpoint. 

16. (Original) The system of claim 14, wherein the virtual component is a first virtual 
component, the system further comprising a second virtual hardware component operative to 
communicate a message directly with an associated process at the first node. 
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1 7. (Original) The system of claim 1 6, wherein the second virtual hardware component and 
the first virtual hardware component are members of a common domain, domain membership 
being assigned through a privileged operation not adjustable by the first or second process, 
wherein the first and second virtual components are operative to share the first channel endpoint 
of the first node, such that each of the first and second processes can communicate messages 
with at least one process at the second node. 

18. (Original) The system of claim 14, further including a third channel endpoint at the first 
node, the third channel endpoint being operative to communicate messages with a fourth channel 
endpoint that resides at a node different from the first node. 

19. (Original) The system of claim 1 8, wherein the virtual component is a fust virtual 
hardware component, the system further comprising a second virtual hardware component at the 
first node that is associated with the third channel endpoint through a privileged operation at the 
first node. 

20. (Original) The system of claim 1 9, wherein each of the first and third channel endpoints 
belongs to different domains, such that each communication channel established between 
associated channel endpoints in one of the domains is isolated from each communication channel 
established between associated channel endpoints in each other of the domains. 

2 1 . (Original) The system of claim 1 9> wherein each of the first and third channel endpoints 
belongs to a common domain, such that each of the first and second processes at the first node is 
operative to share first and third channel endpoints to respectively communicate a message with 
at least one process at the second and third nodes based on data in the respective message. 
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22. (Currently Amended) A system to facilitate communication of data, comprising: 
storage means for receiving a message provided directly from a user-level process; 
communication means associated with the storage means for, upon validation of a 

domain association between the storage means and the communication means, sending the stored 
request to a corresponding communication means at another node in the system; and 

validation means for validating the association between the between the storage means 
and the communication means, the storage means and the communication means being 
associated in a privileged operation not adjustable by user-level processes. 

23. (Original) A system to facilitate communication of data, comprising: 

virtual storage means at a first node for storing a message for direct communication 
relative to a user-level process; 

endpoint communication means at the first node for means for, upon determining a 
common domain membership for the storage means and the endpoint communication means, 
enabling communication between the virtual storage means and the endpoint communication 
means; and 

control means for independently controlling domain membership for each of the virtual 
storage means and the endpoint communication means. 

24. (Original) The system of claim 23, wherein the endpoint communication means further 
includes means for preventing communication of messages between the virtual storage means 
and the endpoint communication means in the absence of a common domain membership among 
virtual storage means and the endpoint communication means. 

25. (Original) The system of claim 23, wherein the endpoint communication means further 
includes means for permitting communication of messages between the virtual storage means 
and the endpoint communication means when common domain membership exists among virtual 
storage means and the endpoint communication means. 
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26. (Original) A computer-readable medium having computer-executable instructions for: 
in a privileged mode, setting domain membership for a queue of a first node and setting 

domain membership for a communj cation component of the first node, the communication 
component of the first node being operable to communicate messages with a corresponding 
communication component at a second node, the domain membership being inaccessible by 
user-level processes, the queue being mapped into memory of an associated user-level process at 
the first node, such that the user-level process can communicate directly with the queue; and 

controlling communication of message between the queue and the communication 
component based on the domain membership set for each of the queue and the communication 
component. 

27. (Original) The computer-readable medium of claim 26 having further computer- 
executable instructions for providing an error message to the associated user-level process if the 
domain membership between the queue and the communication component is invalid. 

28. (Original) The computer-readable medium of claim 26 having further computer- 
executable instructions for analyzing the message to identify which of a plurality of 
communication contexts is designated and validating domain membership between the queue 
and the designated communication context to control communication of the message between the 
queue and the designated communication context. 

29. (Original) A method to facilitate communication in a system architecture in which a 
process is operative to communicate a message directly with a storage component coupled to at 
least one local communications component in a node for communicating the message for receipt 
by a second communications component, the method comprising: 

associating the storage component with a domain for temporarily storing the message; 

associating the local communications component with a domain; and 

controlling communication of a message between the storage component and the local 

communications component based on the domain of the storage component and the domain of 

the local communications component. 
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30. (Original) The method of claim 29, wherein the domain for the storage component and 
the domain for the association of the local communications component are implemented 
independently in privileged operation not adjustable by the user-level process. 

31. (Original) The method of claim 30, wherein the controlling further comprises validating 
the domain of the storage component relative the domain of the local communication component 

32. (Original) The method of claim 3 1 , further comprising preventing communication of the 
message from the storage component to the communication component in the absence of a match 
between the domain of the storage component and the domain of the communication component 

33 . (Original) The method of claim 32, further comprising generating an error message in the 
absence of a match between the domain of the at least part of the storage component and the 
domain of the communication component. 

34. (Original) The method of claim 32, further comprising sending the message from the 
storage component to the communication component in response to a valid association existing 
between the domain of the storage component and the domain of the communication component 

35. (Original) The method of claim 30, further comprising discerning from the message 
which of at least one of a plurality of communication components is designated and validating 
association between the storage component and each designated communication component to 
control communication of the message between the storage component and each designated 
communication component 
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